1. Field of the Invention
The present invention relates generally to identity management, and more particularly to a system and method for managing information associated with a user and controlling access to a resource.
2. Description of the Related Art
Modern computing systems often employ security measures to control access to protected resources. For example, a computing system may implement authentication and authorization processes in order to prevent unauthorized entities from accessing a protected resource. Authentication may include the computing system prompting an entity to provide a credential in order to verify the entity's identity. The authentication may be based on a username and password, a smart card and personal identification number (PIN), or other information associated with the entity. Authorization may include the computing system checking attribute information of the entity in order to verify that the entity is authorized to access the requested resource. For example, the computing system may grant or deny access to a resource based on whether the attribute information of the requesting entity satisfies predefined criteria.
A management system may be employed to manage information, such as user accounts and their associated attributes, and security processes, such as authentication and authorization processes. The computing system or application that provides the protected resource may include such a management system. That is, the computing system or application may manage the information and security processes locally using its own management system dedicated to one or more resources the computing system provides. Alternatively or additionally, the computing system or application that provides the protected resource may use a centralized management system.
A centralized management system may provide, among other things, information management and authentication services for various entities on a network. For example, the centralized management system may manage user accounts for network participants as well as accounts for network resources. When a user tries to access a network resource, the centralized management system, using the account information, may authenticate the user and determine whether the user is authorized to access the resource. Then, only authenticated users who are authorized to access the protected resource may be granted access.
User accounts may be added or deleted, and account attributes may be modified. If a security token, such as a smart card, is to be used for user authentication, the security token must be registered to associate the user account with the security token. Once registered, the security token may be used to gain access to a protected resource on the network.